package com.itcm.springsecuritydemo.controller;


import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

@Controller
public class LoginController {

    /**
     * 登录失败跳转
     * @return 登录失败页面
     */
    @PostMapping("toError")
    public String toError(){
        return "redirect:error.html";
    }


    @GetMapping("testSecured1")
    @ResponseBody
    @Secured("ROLE_admin")
    public String testSecured1(){
        return "test success";
    }


    @GetMapping("testSecured2")
    @ResponseBody
    @Secured("ROLE_admin2")
    public String testSecured2(){
        return "test success";
    }

    @GetMapping("testPreAuth")
    @ResponseBody
    // 这里区别于配置类的是：这里abc加了ROLE_前缀也是可以的
    @PreAuthorize("hasRole('abc')")
    public String testPreAuth(){
        return "test success";
    }

    @RequestMapping("demo")
    public String demo(){
        return "demo";
    }

    // 测试登录传参csrf
    @RequestMapping("showLogin")
    public String showLogin(){
        return "login";
    }
}
